Page MenuHomePhabricator
Create Task
Maniphest T154384

"View Source" link appears as "Edit" for autoconfirmed users (who cannot edit newsletters)
Closed, ResolvedPublic
Actions

Description

This is a minor visual problem; clicking the link properly produces a permission error, but it says 'Edit'

Details

SubjectRepoBranchLines +/-
Restricted Newsletter editing to "newsletter-manage" group.mediawiki/extensions/Newslettermaster+4 -1
Customize query in gerrit

Related Objects

Event Timeline

Pppery created this task.Dec 31 2016, 11:00 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 31 2016, 11:00 PM
Pppery added a comment.Dec 31 2016, 11:00 PM

Will I ever stop finding new bugs?

Aklapper added a comment.Dec 31 2016, 11:49 PM
In T154384#2909111, @Pppery wrote:

Will I ever stop finding new bugs?

In general that's very unlikely. Welcome to the reality of software development. :P

Filip subscribed.Jan 1 2017, 3:27 PM
Qgil added a project: Google-Code-In-2016.Jan 7 2017, 10:44 AM
Qgil subscribed.

Good catch. As a general principle, users should be presented labels / links according to their permissions, in order to avoid false expectations.

If a user cannot edit a newsletter, the label should be either "View source"+ link.

Filip claimed this task.Jan 14 2017, 3:14 PM
Filip removed a project: Google-Code-In-2016.
Filip added a comment.Jan 14 2017, 3:16 PM

GCI is over - we should do some cleanup.

Filip closed this task as Resolved.Jan 14 2017, 6:05 PM

Now all of Newsletter groups are only to sysop. Can't recreate this.

Pppery reopened this task as Open.Jan 16 2017, 5:19 PM
Pppery removed Filip as the assignee of this task.

This bug still exists, but was made impossible to test by the change of newsletter-create to sysop. The link still displays edit for a user with the newsletter-create right but not the newsletter-manage right, who cannot edit newsletters.

gerritbot subscribed.Jan 16 2017, 6:33 PM

Change 332366 had a related patch set uploaded (by Filip):
Restricted Newsletter editing to "newsletter-manage" group.

https://gerrit.wikimedia.org/r/332366

gerritbot added a project: Patch-For-Review.Jan 16 2017, 6:33 PM
Filip claimed this task.Jan 16 2017, 6:33 PM

Pppery: Hmm, thats rare case.

gerritbot added a comment.Feb 4 2017, 9:40 PM

Change 332366 merged by jenkins-bot:
Restricted Newsletter editing to "newsletter-manage" group.

https://gerrit.wikimedia.org/r/332366

Filip closed this task as Resolved.Feb 4 2017, 9:45 PM

@Pppery @01tonythomas Admins can disable rights using newsletter-create: false now, do I think, we can close this :)

Qgil awarded a token.Feb 7 2017, 1:39 PM
Pppery mentioned this in T154383: Autoconfirmed users with `newsletter-create` right can move newsletters.Feb 8 2017, 10:04 PM
Pppery mentioned this in T159084: [Security] Fix inconsistent Newsletter user rights .Mar 15 2017, 1:38 AM
Pppery removed a project: Patch-For-Review.Oct 11 2020, 10:43 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL